The OVAL Repository 5.6 2009-11-20T04:32:23.506-05:00 VMWare ESX Server 4 parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. Michael Wood DRAFT Michael Wood INTERIM INTERIM VMware ESX Server 4 The operating system installed on the system is VMware ESX Server 4.0. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4 The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4 The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 4 The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. Michael Wood DRAFT Michael Wood INTERIM INTERIM VMware ESX Server 4 The operating system installed on the system is VMware ESX Server 4.0. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 4 udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. Michael Wood DRAFT Michael Wood INTERIM INTERIM VMware ESX Server 4 The operating system installed on the system is VMware ESX Server 4.0. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4 The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3 The operating system installed on the system is VMWare ESX Server 3.0.3. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMware ESX Server 3.5 The operating system installed on the system is VMware ESX Server 3.5.0. Pai Peng DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3 The operating system installed on the system is VMWare ESX Server 3.0.2. Yuzheng Zhou DRAFT INTERIM ACCEPTED ACCEPTED VMware ESX Server 4 The operating system installed on the system is VMware ESX Server 4.0. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED